Ajax: Is it the end of the session as we know it?
One of the things that some developers are throwing out the window when using Ajax is the basic concept of session management. Now a session is a good thing when we are talking about secure data! Session logs us out automatically after a set period of time when we forget to log out of a page when we leave to use the toilet. If we forget to lock our workstation anyone can access the information. I do not want my employer seeing all of those responses to my resumes I sent out for Ajax jobs. (Hopefully my employer does not read my blog! - LOL - If they do, give me a raise and I may stay.)
Ah, I need to get back on track. Session is one of those things that needs to be in an application to make sure the person using the application is that person. Now what is the problem with Ajax and session? Let us look at an Ajax application and see what the problem is and the solutions that we can come up with.
The sample application I want to talk about is an Ajax-based stock ticker that grabs stock data to display every 2 minutes. This Ajax application seems to be on the popular side of Ajax scripts now on some major Web sites. Let’s say that this stock ticker hits a server side page to make a request. The server side page, in return, is generating a dynamic XML document containing the stock data. Since we are posting data to the server, it is renewing our session each time we make a request. Now that means every 2 minutes, when the ticker is updated, it is telling the server that we are still there. But I could be in my other office with my pants around my ankles reading the sports section of the local paper on how the Giants killed the Redskins on Sunday! Now, how can we stop this renewing of the session?
One way of doing it is to call an XML page that is created dynamically by some other server side process. Calling the XML file does not renew our session! But that really stinks if we need to have the stock data customized to our needs. I do not care about QWERTY stock, I care about ASDFGH stock. So how can we keep session management in the picture while using the server to customize our data based on our preferences and current session state? Well you could generate a custom XML file for every user if you do not mind managing 100,000,000 XML files. Instead of that crazy solution, you can build a parameter into your session management that we can monitor.
This parameter is a simple date timestamp variable that is set each time the user makes a request to the server. Now I highlighted the word user since that is the action that we know has to control our session. With an Ajax request, we do not update this user session variable. Therefore whenever a user action makes a request we need to check to see if the session is still valid by the date. Yes this method stinks, but this is the only real secure way of maintaining security while using session and other parameters that are relevant to our user.
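A sketch of that timestamp check as server-side logic, added here as an example and not taken from the original post. The names, the 15-minute limit and the /ticker.xml path are assumptions, and it goes one step beyond the text by also refusing the ticker poll once the user has been idle too long.

```javascript
// Added example: idle timeout that background Ajax polls cannot extend.
// All names (IDLE_LIMIT_MS, BACKGROUND_PATHS, handleRequest) are hypothetical.
const IDLE_LIMIT_MS = 15 * 60 * 1000;              // assumed 15-minute idle limit
const BACKGROUND_PATHS = new Set(['/ticker.xml']); // assumed polling endpoint

const sessions = new Map(); // sessionId -> { user, lastUserAction }

function login(sessionId, user, now) {
  sessions.set(sessionId, { user, lastUserAction: now });
}

// Returns { status, refreshed } for one request arriving at time `now` (ms).
function handleRequest(sessionId, path, now) {
  const session = sessions.get(sessionId);
  if (!session) return { status: 401, refreshed: false };

  // Validity is always judged against the last *user* action,
  // never against the last request of any kind.
  if (now - session.lastUserAction > IDLE_LIMIT_MS) {
    sessions.delete(sessionId);                    // expire on the server
    return { status: 401, refreshed: false };
  }

  // The ticker poll still gets its customized data,
  // but it leaves the timestamp alone.
  if (BACKGROUND_PATHS.has(path)) return { status: 200, refreshed: false };

  session.lastUserAction = now;                    // only user actions renew
  return { status: 200, refreshed: true };
}

// Constructed timeline: login at t=0, then only ticker polls every 2 minutes.
function simulateUnattended() {
  const id = 'sess-1';
  login(id, 'alice', 0);
  const statuses = [];
  for (let minute = 2; minute <= 20; minute += 2) {
    statuses.push(handleRequest(id, '/ticker.xml', minute * 60 * 1000).status);
  }
  return statuses;
}
```

When the poll receives the 401, the page can stop the ticker and send the user to the login screen.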
If anyone else can come up with another solution to this problem, I would love to hear it.
Eric Pascarello
Moderator of HTML/JavaScript at www.JavaRanch.com
Author of: JavaScript: Your Visual Blueprint for Dynamic Web Pages
Amazon is shipping Ajax In Action!
I just saw that Amazon is now shipping my latest book Ajax In Action. Dave, Darren, and I put a lot of time and effort into this book and hopefully you all will enjoy it and learn a lot from it. All of the reviews have been good so far. If you pick up a copy feel free to drop me a line at pascarello@javaranch.com and tell me what you think. If you have questions regarding Ajax, you can always ask them in the HTML and JavaScript forum here on JavaRanch!
Thanks for everyone's support!
Eric Pascarello
Remembering the Page, Div, or DataGrid's scroll position.
Well I thought I would revamp my remember the scroll position script one more time to make it easier to add onto the page. This one still uses cookies, but I am working on a new version that will give you an option to use a hidden element on the page. But for now you can use a more "oo" type of code to have the browser retain the scroll position so your divs, datagrids, and page will stay where the user left it.
The code and demo can be found here: http://pascarello.brinkster.net/rememberScrollPosition.html
Eric Pascarello
Moderator of HTML/JavaScript at www.JavaRanch.com
Co-Author of: Ajax In Action
Ajax: Tackle the Refresh Button
One of the problems that an Ajax application faces is the refresh button. Person hits it and all of the Ajax inputs have been wiped clean. Well I thought that I would point you to an article I wrote. It talks about taking the issue of the refresh button away from an Ajax application. You can find the article with a working example here:
http://www.pascarello.com/rememberHistory.aspx
Eric Pascarello
Moderator of HTML/JavaScript at www.JavaRanch.com
Co-Author of: Ajax In Action
Ajax's responseXML Error
One thing that I see being asked more and more is why am I getting an error when I try to read the responseXML property. Well the main reason is normally the developer forgot to add the Content Type to set the document to XML. Another reason is that the server has a problem with XML (I think I have seen this with Apache mainly.) As a result I wrote an article over on my site showing the error and how to correct it using the DOMParser.
You can find the article here: http://www.pascarello.com/TestHTMLXMLfromServer.htm. The best solution is to set the Content Type and make sure the server is serving the dynamic XML documents correctly!
Eric Pascarello
Moderator of HTML/JavaScript at www.JavaRanch.com
Author of: JavaScript: Your Visual Blueprint for Dynamic Web Pages
Updating User Session with Ajax - Round 2
Well back by popular demand is updating your user's session with Ajax. Back in this blog posting: http://radio.javaranch.com/pascarello/2005/07/05/1120592884938.html I wrote a little script that used a confirm to update the session with Ajax.
Now of course that causes some trouble with the user not answering the confirm, removing focus from the element, and so on. With that in mind I rewrote the JavaScript functionality to make it more user friendly and give it that rich user interface people want.
It now uses a layer to float onto the page so we do not disrupt the user's actions when it comes on the screen. It also changes the message when the message has been on the screen after a set period of time. No more update your session message after it has expired. Plus I am using some code from my book Ajax In Action to make the request as easy as possible. The .net loader is explained in it in detail, so if you like it then you may want to pick up the book to learn more.
The Ajax Session Management script is available on my website at:
http://www.pascarello.com/AjaxSessionTimer.aspx
Tell me what you think, any changes, etc.
Eric Pascarello
Moderator of HTML/JavaScript at www.JavaRanch.com
Author of: JavaScript: Your Visual Blueprint for Dynamic Web Pages
Ajax: Caching Problem with Requests
Well I am back from getting married and I am done with writing Ajax in Action so I thought that I would fill in some spare time and talk about a simple fix for a common question I get via email and the forums almost daily.
The question: The Ajax request is grabbing the cached page from the previous request, how do I stop this from happening? Well I have seen some fancy approaches by people, but there is one easy solution that works: a random query string value appended to the request.
So how and why does this work? Well, in simple terms, when the browser looks at the destination, if it has a match, then it uses the data it has. Now this is great for when you are going to a static website, but since we are looking for new data, it sucks. By appending a random value to our parameters that we are sending back, it forces the browser to say, "Stop the press! We got new info here! Let's go get the data!"
I use this on my projects since I know my users have a major history of caching pages, especially with my dynamic PDF reports. It is always safer to append a random item to the query than having to worry about cached information.
The random tidbit of information you will submit to the server can be a number (larger the better), random string, or a timestamp. I prefer using the timestamp!
Well I hope this solves the problem of cached responses with Ajax. Remember to add your random friend to your parameters!
Eric Pascarello